Payment Services Directive 2 (PSD2) Compliance
Last updated: Apr 24th, 4:20pm
The Payment Services Directive 2 (PSD2) regulates online payment services and providers in Europe. PSD2 enables open banking by introducing Access to Account (XS2A). XS2A allows customers to use the services of third-party providers to access account information or initiate transactions on their behalf. PSD2 gives providers a regulated, open market to compete in, while providing customers more payment options and increased security.
PSD2 goals
The following list defines some of the goals of PSD2:
-
Defining third-party license types—To facilitate XS2A Account Access, PSD2 defines two types of third-party providers (TPPs) regulated by National Competent Authorities:
- Account Information Service Providers (AISPs): Service providers that aggregate and display the customer's online account information of one or more accounts held at one or more account servicing payment service providers (ASPSPs).
- Payment Initiation Service Providers (PISPs): Service providers that initiate payment transactions on behalf of the customer.
-
Increasing customer security—PSD2 includes Strong Customer Authentication (SCA), an authentication process that validates the user's identity of a payment service or a payment transaction. For more information, see PSD2.
-
Increasing communication security with TPPs—PSD2 requires TPPs to use electronic Identification, Authentication, and trust Services (eIDAS) certificates for electronic signatures and electronic seals. Qualified Trust Service Providers (QTSPs) issue the eIDAS certificates, further ensuring security.
PayPal's XS2A implementation
PayPal enables XS2A use cases for TPPs through PayPal’s REST stack. Through PayPal's reliable and proven APIs, TPPs can access the same PayPal systems that power all of PayPal's merchant and consumer experiences.
PayPal provides interfaces and necessary documentation for TPPs that explain XS2A use cases like the following:
- Accessing a PayPal user’s account information, such as account balances and transaction history.
- Initiating payments from a PayPal user’s account to another PayPal user.
Contact us
Are you an AISP or PISP looking to connect to PayPal? Contact us or Register as a third-party provider with PayPal. After registering with us, we will verify your TPP License Certificate, enable PayPal XS2A Scopes on your REST Client ID, and email your TPP registered email address. You can start integrating and testing PayPal XS2A to Go Live.
Interface performance
PayPal's XS2A interface leverages PayPal's high-performance REST API stack to ensure best performance and availability for TPP access. Download this datasheet to review PayPal’s interface performance data.
PayPal UK Ltd under the payment services regulations
From 1 November 2023, PayPal UK must also publish information on the performance and availability of dedicated interfaces for third-party access. Download this datasheet to review PayPal UK Ltd’s interface performance data.
PSD2 glossary
Here's a list of commonly used PSD2 terms.
Term | Definition |
---|---|
API | Application Programming Interface |
AISP | Account Information Service Providers |
ASPSPs | Account Servicing Payment Service Providers |
EEA | European Economic Area |
eIDAS | Electronic Identification, Authentication and Trust Services |
EU | European Union |
NCA | National Competent Authority |
PISP | Payment Initiation Service Providers |
PSD2 | Payment Services Directive 2 |
QTSPs | Qualified Trust Service Providers |
RTS | Regulatory Technical Standards on Strong Consumer Authentication and Secure Communication |
SCA | Strong Customer Authentication |
TPPs | Third-Party Providers |
XS2A | Access to Account |